52 research outputs found
Optimization of Anchor Nodes’ Usage for Location Verification Systems
While a growing number of Internet of Things (IoT) applications require reliable mechanisms to determine the precise location of remote devices, the aspects regarding the security of positioning algorithms should not be neglected. In this context, this paper proposes a physical-layer location verification method for IoT networks in which the concentrator node is assisted by several anchor nodes that are spread in the area of interest. We design an optimization problem to choose appropriately which anchor nodes should be triggered in the location verification process in order to minimize the activation rate of each anchor. The performance evaluation results show that the proposed policy achieves an activation rate reduction of the anchor nodes of at least 70%
DELLA CLAUSOLA PENALE E DELLA CAPARRA (ARTT. 1382-1386 C.C.)
Il commento agli artt. 1382/1386 c.c. ha inteso compiere un'analisi completa e critica delle principali problematiche in tema di clausola penale e caparra, ricostruendo in chiave sistematica il quadro normativo e l'evoluzione dottrinale e giurisprudenziale in materia
Feasibility and Limitations of Self-Spoofing Attacks on GNSS Signals with Message Authentication
In recent years, there has been an ever growing dependence on GNSS for applications in sectors ranging from telecommunications, energy transmission and distribution, to financial services and transportation. As this dependence has increased, so too have risks of intentional interference or spoofing of GNSS signals from adversaries with the intent of causing damage or obtaining illegitimate advantage. The growing interest in GNSS has brought the European Union to develop its own system, Galileo, which recently became operational. The GNSS signal generation is based on public parameters, and to the present date none of the systems provides any means to verify its authenticity or cryptographic integrity. To answer the arising concerns about GNSS security, the European Commission has recently announced that Galileo will offer Navigation Message Authentication (NMA) as a protection against falsified signals, i.e., the so called spoofing attacks. In some scenarios, the attacker can be the very owner of the receiving device, that aims, for instance, at deceiving a monitoring system. These attacks, that go under the name of self-spoofing, have thus become a concern for GNSS based applications. Such scenarios represent some of the most demanding requirements for protection against GNSS spoofing. The implementation of NMA techniques serves the purpose of making this kind of attacks more difficult, too. Two representative applications were considered in the definition of a baseline spoofing scenario and its respective assumptions: satellite-based Vessel Monitoring Systems (VMS) and smart digital tachographs. Satellite-based VMS' were introduced to protect fisheries from illegal fishing, using GNSS for enforcement. Requirements for VMS' specify acceptable position errors and associated confidence intervals, the contents and frequency of transmissions to a Fishing Monitoring Centre (FMC) that allow authorities to react in a timely manner to non compliant behaviour. Today, such measures include the use of tamper-resistant hardware and cryptographic mechanisms to provide protection against vessel owners attempting to tamper or interfere with the device; however, it is only a matter of time before malicious owner resort to GNSS spoofing as a threat to the present enforcement mechanism. The return on investment for defeating the VMS and illegally fishing in closed areas can be significant and can substantially outweigh the costs associated with conducting a spoofing attack. Digital tachographs record the activities of professional drivers including rest and driving hours, increasing road safety, ensuring minimum working conditions and guaranteeing fair competition for EU transport companies. An EU regulation prescribes requirements for construction, testing, installation, operation and repair of tachographs and their components addresses the use of GNSS, remote early detection of possible manipulation or misuse, interfaces with intelligent transport systems and security mechanisms. This paper considers as a baseline a GNSS receiver implementing defences based on the utilisation of Galileo Open Service authentication. In terms of fulfilling its primary task of protecting the integrity of the navigation message, a generic NMA scheme might simply be characterized by its key features, including the number of cryptographic bits inserted in the message, the equivalent security of the scheme, and the period of time over which a complete signature is broadcast. The equivalent security of the scheme indicates the difficulty in performing a brute-force attack on the underlying cryptographic primitives. The number of cryptographic bits inserted will directly influence the availability of the scheme, based on the ability of the receiver to correctly recover all of the bits, and is generally proportional to the equivalent security of the scheme. The period over which the data is broadcast will influence the latency experienced by the receiver in asserting the authenticity of the navigation data, and should therefore be commensurate with, and aligned with, the period over which the protected navigation data is broadcast. When considering the indirect use of the NMA data as a means of anti-spoofing, or range protection, one more feature must be considered: the conditional Shannon entropy of the cryptographic data given the previously transmitted messages. If the data are unknown at the time of broadcast, then one might assume that the adversary must first observe the genuine signal, before creating a counterfeit one. The likelihood of an adversary simply guessing the true value of the cryptographic data is related to the number of bits in question, and the a priori probability of guessing each bit. A common measure of this is the Shannon entropy. When the number of bits is high, then it is very unlikely that the adversary can readily produce a counterfeit signal, without first observing the genuine one. Of course, once the genuine signal is observed, a perfect replica can easily be made. This fact constrains somewhat the degrees of freedom of the counterfeit signals, in that they might only be broadcast in delay with respect to the genuine signals. It might be argued that this itself represents some defence against spoofing. This paper aims at evaluating the efficacy of symbol-level techniques for the mitigation of spoofing attacks. The paper will first analyse the state of the art of both GNSS spoofing attacks and anti-spoofing mechanisms. Theoretical and experimental analysis will be presented in order to investigate the possible increase in the complexity that is required for a successful attack, thanks the adoption of NMA, as well as the intrinsic limitations and weaknesses of these techniques
On trading the spreading gain with the coding rate and its application to GNSS data component design
The ubiquity of global navigation satellite system (GNSS)-based positioning and timing services is often frustrated by the necessity to operate in harsh environments, where the carrier-to-noise ratio is low, and hence, decoding of navigation data and even tracking of an acquired symbol are difficult. We consider the possibility of improving the decoding performance of the GNSS data component by trading the spreading gain against the coding rate. The rationale is that spreading codes can be seen as a form of repetition coding that can be (at least partially) replaced by more robust coding forms to improve robustness to (any form of) noise. This is true both for the classical additive white Gaussian noise channel case and for more realistic GNSS channel formats severely degraded by multiple access interference and near-far effects. By bringing results on finite-block-length channel capacity and coding rates from information/communication theory to the GNSS domain, we are able to establish and discuss the expected performance gap, as well as the limits of such tradeoff
Energy-based anchor node selection for IoT physical layer authentication
We consider a cellular Internet of things (CIoT) network where many source nodes aim at exchanging messages with a single concentrator node. To this end, they are assisted by anchor nodes that are trusted and securely connected with the concentrator node. In this context, we aim at providing a message authentication scheme based on the characteristics of the channel between the source nodes and the anchor nodes. According to this approach, the anchor nodes estimate the channel to source nodes in an initially externally authenticated fashion, while forthcoming messages are authenticated by comparing the current channel estimate with the initial estimate. Moreover, assuming that the anchor nodes have a limited energy availability, we derive suitable scheduling policies for the activation of the anchor nodes for authentication purposes. In particular, we aim at maximizing the anchors lifespan while guaranteeing given false alarm and missed detection probabilities of the authentication process. The performance of the proposed authentication protocols is evaluated in a typical CIoT scenario
Enabling Location Based Services with Privacy and Integrity Protection in Untrusted Environments through Blockchain and Secure Computation
Privacy and integrity preservation of user data is a major challenge in the context of location based services, as the assumption of trusted relationship between the user and the service provider might be too strong. The question is: how to securely collect, store and process position, navigation and timing (PNT) information and/or georeferenced data, assuming that the service provider cannot be trusted? In this work, we propose an architecture that enables LBS with privacy and integrity in untrusted environments, leveraging blockchain and secure computation. We provide mechanisms for sharing and processing PNT information and/or georeferenced data, with a detailed description of the employed cryptographic schemes and algorithms. Furthermore, we provide a validation of the proposed architecture by means of an emulation-based testbed
Nitrendipine: evaluation of the duration of the antihypertensive effect at different doses using the conventional method and ambulatory monitoring of arterial pressure
To evaluate the effect-duration of nitrendipine in 20 moderate essential hypertensives (aged from 42 to 66, mean +/- SD: 55 +/- 7) when treated with 20 mg once or twice a day, we utilized the blood pressure standard method of measurement and the ambulatory monitoring. Blood pressure determinations were made during the follow-up at 2- week intervals for 3 months, each measurement being made with a mercury sphygmomanometer, 24 +/- 3 hours after the last dose; laboratory parameters, 2 24-hour blood pressure monitoring (ICR 5200, Spacelabs) and standard ECG were performed at baseline and after 3 months. Following a 2-week run-in period with placebo bid (at 10.00 am and 10.00 pm) a 20 mg morning dose of nitrendipine was started continuing the administration of the placebo tablet at 10.00 pm. The dosage was changed to a twice active daily regimen, with an increase in the daily dose (20 mg twice a day) in those patients whose diastolic blood pressure remained greater than 90 mmHg after a 4-week control. After the twelfth week, another 2-week placebo run-in followed the active treatment. Supine blood pressure recorded after 3-month therapy, showed a significant (p less than 0.0001) reduction in both systolic and diastolic mean values (22/15 mmHg) at the end of active treatment in the 16 patients who ended the trial. In particular, the responders to 20 mg (5 patients) showed a blood pressure reduction of 18 mmHg in comparison with the run-in period; in the other group of responders to increasing dosage of 40 mg (11 patients), we observed a 8 mmHg diastolic blood pressure reduction at 28 days and a successive 7 mmHg at the end of the treatment.(ABSTRACT TRUNCATED AT 250 WORDS
Intima-media thickness (imt) and rf-based quality intima-media thickness (rfqimt) measurements in a sample of patients attending an outpatient hypertension centre
Introduction: The RFQIMT (Esaote-Italy) is a method of new generation for real-time measurement of intima-media thickness of the supra-aortic trunks. It is based on the direct radio-frequency analysis of the signal that allows to obtain data at high spatial resolution and thus improve the standard of a measure which has proved as surrogate marker of cardiovascular disease. The absolute values of IMT, indicated as standard ones by current literature and measured by the method recommended by the guidelines of the Italian Society of Vascular Diagnostics (accepted as European Guidelines) do not take into account of independent variables such as age, sex and race that may influence the correlation of this index at any level of vascular and cardiac damage. The aim of our study was to compare the values of intima-media thickness measured by the above method compared to those obtained by the method of radio-frequency taking into account the variables mentioned above.
Materials and Methods: We submitted 250 patients examined in succession in our hypertension centre to measure the intima-media thickness with conventional method (3 measurements at the level of common carotid artery, 1 cm from the carotid bifurcation) and RFQIMT. Patients had a mean age of 52.5 ± 22.5, 118 were males and 132 females, and all Caucasians. Patients had the following comorbidities: 210 patients were hypertensive patients, 126 dyslipidemic, 87 patients with diabetes, 14 patients with CAD, 72 patients with carotid plaques and 93 patients smokers.
Results: 123 patients had RFQIMT above the normal values and IMT among limits, 56 had normal both RFQIMT and IMT and 71 had both RFQIMT and IMT above the normal values.
Conclusions: When we take into account the value of RFQIMT compared to IMT, the index of cardiovascular risk linked to intima-media thickness increased significantly in more patients: 123 with RFQIMT increased compared with 71 with IMT increased. This preliminar evidence changes the correlations with the co-morbidity and makes the measure that uses radio-frequency more accurate and reliable
Spoofing Attacks on 5G PRS-Based Positioning
The advancement of 5G has significantly improved positioning accuracy, enabling a wide range of applications. This paper investigates potential vulnerabilities in 5 G positioning reference signal (PRS)-based systems, focusing on spoofing attacks. We outline three attack strategies that exploit the manipulation of signal propagation times from reference and/or auxiliary base stations (BSs) to compromise positioning. A key aspect of our analysis is identifying the conditions under which these attacks can be carried out without disrupting communication between the reference BS and the victim user equipment (UE). We further present results demonstrating the impact of these attacks on positioning accuracy and clock offset estimation
Wireless physical layer authentication for the Internet of Things
Authentication of messages in an Internet of Things (IoT) is a key security feature that may involve heavy signaling and protocol procedures, not suitable for small devices with very limited computational capabilities and energy availability. In this chapter we address the problem of message authentication in an IoT context, by using physical-layer approaches. We propose a solution based on the use of trusted anchor nodes that estimate the channel from the transmitting node and report them to a concentrator node, which takes a decision on the message authenticity. Assuming that the anchor nodes have a limited energy availability, we analyze the lifespan of the authenticating network and propose both centralized and distributed approaches to determine which anchor nodes report the information to the concentrator. The authenticating network overhead is also discussed and a tradeoff between energy efficiency and signaling traffic is found
- …
